Can our staff use ChatGPT for client work at all?

Yes — with rules. Most firms allow AI for drafting emails, research starting points, and internal templates, while prohibiting entry of client-identifiable financial data into consumer AI tools. Your policy should draw exactly that line.

Does IRC §7216 apply to AI tools?

For tax preparers, §7216 restricts disclosure of tax return information to third parties — which can include an AI vendor. A policy should require vendor review before any client tax data touches an AI tool.

AI Policy Template for Accounting & Bookkeeping

Accounting firms were among the fastest adopters of ChatGPT and Copilot — and among the most exposed. Client financial data is exactly the kind of information that must never leak into a model's training set, and AI-drafted tax guidance is wrong often enough that unreviewed output is a malpractice risk. A written AI policy tells your staff what's allowed, protects client confidentiality, and gives you something to show clients and insurers who ask.

Generate a policy customized for accounting firms in about 3 minutes:

Generate my accounting & bookkeeping AI policy

Free preview · $49 one-time to download

AI risks specific to accounting firms

Client financial records pasted into chatbots may be retained and used for model training
AI-drafted tax advice can contain confident but wrong figures or outdated rules for the current tax year
Client confidentiality obligations (IRC §7216 for tax preparers) apply to AI tools just like any third party
AI summaries of financial statements can silently drop material disclosures

Compliance requirements your policy must address

GLBA

Nonpublic personal information (NPI) covered by the Gramm-Leach-Bliley Act — including account numbers, balances, credit information, and any data collected in connection with providing a financial product — must not be entered into AI tools that have not been approved for NPI under the Company's GLBA safeguards program.

SOX

AI tools must not be used to prepare, alter, or summarize financial records subject to Sarbanes-Oxley internal controls unless the output is fully reviewed under the Company's existing financial review and sign-off process. AI use never reduces the documentation or approval requirements of an internal control.

What a complete accounting & bookkeeping AI policy includes

Purpose, scope, and who the policy covers (employees, contractors, volunteers)
Approved AI tools and the process for approving new ones
Acceptable uses — and the prohibited list, including data that must never enter prompts
Privacy-law clauses for your jurisdictions (GDPR, EU AI Act, CCPA, PIPEDA) plus GLBA and SOX requirements
Human review and accountability rules for AI output
Incident reporting, enforcement, and annual review

Frequently asked questions

Can our staff use ChatGPT for client work at all?: Yes — with rules. Most firms allow AI for drafting emails, research starting points, and internal templates, while prohibiting entry of client-identifiable financial data into consumer AI tools. Your policy should draw exactly that line.
Does IRC §7216 apply to AI tools?: For tax preparers, §7216 restricts disclosure of tax return information to third parties — which can include an AI vendor. A policy should require vendor review before any client tax data touches an AI tool.

Get your accounting & bookkeeping AI policy

Answer a few questions, preview the full document free, and download it as editable Word for a one-time $49.

Start the generator

DraftAIPolicy is not a law firm; documents are self-help templates, not legal advice.

Other industries

Legal Services Healthcare & Medical Practices Financial Services & Advisory Insurance Education (K-12 & Districts)Higher Education Software & SaaS Marketing & Creative Agencies